[ruby-core:117280] [Ruby master Bug#20385] Backport CVE-2024-27280

Issue #20385 has been reported by hsbt (Hiroshi SHIBATA). ---------------------------------------- Bug #20385: Backport CVE-2024-27280 https://bugs.ruby-lang.org/issues/20385 * Author: hsbt (Hiroshi SHIBATA) * Status: Closed * Backport: 3.0: REQUIRED, 3.1: REQUIRED, 3.2: DONTNEED, 3.3: DONTNEED ---------------------------------------- I disclosed https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/ today. This StringIO versions should be backported in the next release. * For Ruby 3.0: https://github.com/ruby/ruby/pull/10320 * For Ruby 3.1: https://github.com/ruby/ruby/pull/10321 -- https://bugs.ruby-lang.org/